diff --git a/home/dotfiles/zshrc b/home/dotfiles/zshrc
index b9a8760..03eaa40 100644
--- a/home/dotfiles/zshrc
+++ b/home/dotfiles/zshrc
@@ -167,6 +167,69 @@ fi
 section_end
 
 
+# sugar to easily connect to remote docker hosts through SSH
+section "ssh-based remote docker access"
+ssh_docker() {
+	args=("$@")
+	control_path=$(sha1sum - <<< "${args[-1]}" | awk '{print $1}')
+	base_path=/var/tmp/ssh-docker/$(sha1sum - <<< "$1" | awk '{print $1}')
+	control_path="${base_path}.control"
+	sock_path="${base_path}.sock"
+	if [ -f "${sock_path}" ]
+	then
+		echo "Socket path ${sock_path} already exists." >&2
+		return 1
+	fi
+	if [ -f "${control_path}" ]
+	then
+		echo "Control path ${control_path} already exists." >&2
+		return 1
+	fi
+	mkdir -p /var/tmp/ssh-docker
+	ssh -o ControlMaster=auto -o ControlPersist=yes -o ControlPath="${control_path}" -nfNT -L "${sock_path}:/var/run/docker.sock" "$@"
+	echo "export DOCKER_TLS_VERIFY="
+	echo "export DOCKER_HOST=unix://${sock_path}"
+	echo "export DOCKER_CERT_PATH="
+	echo "export DOCKER_SSH_CONTROL_PATH=${control_path}"
+	echo "export DOCKER_SSH_SOCKET_PATH=${sock_path}"
+}
+ssh_docker_exit() {
+	args=("$@")
+	if [ "${#args}" -gt 0 ]
+	then
+		base_path=/var/tmp/ssh-docker/$(sha1sum - <<< "${args[-1]}" | awk '{print $1}')
+		control_path="${base_path}.control"
+		sock_path="${base_path}.sock"
+	else
+		control_path="${DOCKER_SSH_CONTROL_PATH}"
+		sock_path="${DOCKER_SSH_SOCKET_PATH}"
+	fi
+	if [ -z "${control_path}" ]
+	then
+		echo "No active Docker SSH forwarding found in environment." >&2
+		return 1
+	fi
+	ssh -o ControlPath="${control_path}" -O exit "$@" dummy
+	rm -f "${sock_path}" "${control_path}"
+}
+ssh_docker_cleanup() {
+	for socket in /var/tmp/ssh-docker/*.sock
+	do
+		if [ ! -e "$socket" ]
+		then
+			continue
+		fi
+		control="$(basename "$socket" .control).sock"
+		DOCKER_SSH_CONTROL_PATH="$control" \
+		DOCKER_SSH_SOCKET_PATH="$socket" \
+		ssh_docker_exit
+	done
+}
+export ssh_docker
+export ssh_docker_exit
+export ssh_docker_cleanup
+section_end
+
 # alias
 section "alias"
 if [ $ZSH_ALIAS -gt 0 ]; then